Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud
01 Jun 2013-IEEE Transactions on Parallel and Distributed Systems (IEEE)-Vol. 24, Iss: 6, pp 1182-1191
TL;DR: This paper proposes a secure multi-owner data sharing scheme, named Mona, for dynamic groups in the cloud, leveraging group signature and dynamic broadcast encryption techniques, so that any cloud user can anonymously share data with others.
Abstract: With the character of low maintenance, cloud computing provides an economical and efficient solution for sharing group resource among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership. In this paper, we propose a secure multi-owner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent with the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.
Citations
More filters
24 Jun 2012
TL;DR: This paper proposes a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud that exploits ring signatures to compute verification metadata needed to audit the correctness of shared data.
Abstract: With cloud storage services, it is commonplace for data to be not only stored in the cloud, but also shared across multiple users. However, public auditing for such shared data --- while preserving identity privacy --- remains to be an open challenge. In this paper, we propose the first privacy-preserving mechanism that allows public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute the verification information needed to audit the integrity of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from a third party auditor (TPA), who is still able to verify the integrity of shared data without retrieving the entire file. Our experimental results demonstrate the effectiveness and efficiency of our proposed mechanism when auditing shared data.
389 citations
Cites methods from "Mona: Secure Multi-Owner Data Shari..."
...tect the content of private data in the cloud, this user can also encrypt data before outsourcing it into the cloud server with encryption techniques [30], [31], such as the combination of symmetric key encryption and attribute-based encryption (ABE) [30]....
[...]
TL;DR: A novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind is proposed, which allows the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-signed blocks by themselves.
Abstract: With data storage and sharing services in the cloud, users can easily modify and share data as a group. To ensure shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks which were previously signed by this revoked user must be re-signed by an existing user. The straightforward method, which allows an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient due to the large size of shared data in the cloud. In this paper, we propose a novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, we allow the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-sign blocks by themselves. In addition, a public verifier is always able to audit the integrity of shared data without retrieving the entire data from the cloud, even if some part of shared data has been re-signed by the cloud. Moreover, our mechanism is able to support batch auditing by verifying multiple auditing tasks simultaneously. Experimental results show that our mechanism can significantly improve the efficiency of user revocation.
265 citations
Cites background from "Mona: Secure Multi-Owner Data Shari..."
...To ensure the privacy of cloud shared data at the same time, additional mechanisms, such as [24], can be utilized....
[...]
14 Apr 2013
TL;DR: A novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind is proposed, which allows the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-signed blocks by themselves.
Abstract: With data services in the cloud, users can easily modify and share data as a group. To ensure data integrity can be audited publicly, users need to compute signatures on all the blocks in shared data. Different blocks are signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks, which were previously signed by this revoked user must be re-signed by an existing user. The straightforward method, which allows an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient due to the large size of shared data in the cloud. In this paper, we propose a novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind. By utilizing proxy re-signatures, we allow the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-sign blocks by themselves. In addition, a public verifier is always able to audit the integrity of shared data without retrieving the entire data from the cloud, even if some part of shared data has been re-signed by the cloud. Experimental results show that our mechanism can significantly improve the efficiency of user revocation.
224 citations
Cites methods from "Mona: Secure Multi-Owner Data Shari..."
...Then, we will describe how to construct our public auditing mechanism for shared data based on this proxy re-signature scheme in the next section....
[...]
TL;DR: This paper focuses on enabling data sharing and storage for the same group in the cloud with high security and efficiency in an anonymous manner by leveraging the key agreement and the group signature to support anonymous multiple users in public clouds.
Abstract: Group data sharing in cloud environments has become a hot topic in recent decades. With the popularity of cloud computing, how to achieve secure and efficient data sharing in cloud environments is an urgent problem to be solved. In addition, how to achieve both anonymity and traceability is also a challenge in the cloud for data sharing. This paper focuses on enabling data sharing and storage for the same group in the cloud with high security and efficiency in an anonymous manner. By leveraging the key agreement and the group signature, a novel traceable group data sharing scheme is proposed to support anonymous multiple users in public clouds. On the one hand, group members can communicate anonymously with respect to the group signature, and the real identities of members can be traced if necessary. On the other hand, a common conference key is derived based on the key agreement to enable group members to share and store their data securely. Note that a symmetric balanced incomplete block design is utilized for key generation, which substantially reduces the burden on members to derive a common conference key. Both theoretical and experimental analyses demonstrate that the proposed scheme is secure and efficient for group data sharing in cloud computing.
205 citations
Cites methods from "Mona: Secure Multi-Owner Data Shari..."
...Thus, regardless of the length of the message to be signed (i.e., |m| ), the signature length of our scheme and Mona is 1443 bits or approximately 180 bytes, while TPP requires 2691 bits or roughly equal to 336 bytes....
[...]
...3(c) shows that our scheme is almost the same as TPP but superior to that of Mona....
[...]
...In [17], a secure scheme was proposed to support anonymous data sharing in cloud computing....
[...]
...Considering the data sharing situation, in Mona, the cloud holding the vital RL can easily perform a collusion attack with any users (i.e., valid users and revoked users)....
[...]
...Specifically, operations for key generation in Mona is 3Cw + (r + 5)Cp + 1Cm , where the number of point multiplications are advanced with the increase in the number of revoked users (i.e., r )....
[...]
13 Jan 2014
TL;DR: This paper proposes a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud that exploits ring signatures to compute verification metadata needed to audit the correctness of shared data.
Abstract: With cloud data services, it is commonplace for data to be not only stored in the cloud, but also shared across multiple users. Unfortunately, the integrity of cloud data is subject to skepticism due to the existence of hardware/software failures and human errors. Several mechanisms have been designed to allow both data owners and public verifiers to efficiently audit cloud data integrity without retrieving the entire data from the cloud server. However, public auditing on the integrity of shared data with these existing mechanisms will inevitably reveal confidential information-identity privacy-to public verifiers. In this paper, we propose a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute verification metadata needed to audit the correctness of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our mechanism when auditing shared data integrity.
195 citations
References
More filters
TL;DR: The clouds are clearing the clouds away from the true potential and obstacles posed by this computing capability.
Abstract: Clearing the clouds away from the true potential and obstacles posed by this computing capability.
9,282 citations
"Mona: Secure Multi-Owner Data Shari..." refers background in this paper
...Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership....
[...]
TL;DR: This work proposes a fully functional identity-based encryption (IBE) scheme based on bilinear maps between groups and gives precise definitions for secure IBE schemes and gives several applications for such systems.
Abstract: We propose a fully functional identity-based encryption (IBE) scheme. The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Diffie--Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure IBE schemes and give several applications for such systems.
5,110 citations
30 Oct 2006
TL;DR: This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption.
Abstract: As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).
4,257 citations
"Mona: Secure Multi-Owner Data Shari..." refers background in this paper
...First, identity privacy is one of the most significant obstacles for the wide deployment of cloud computing....
[...]
09 Dec 2001
TL;DR: A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Abstract: We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
3,697 citations
TL;DR: It is proved that a very slight variation of the well-known El Gamal signature scheme resists existential forgeries even against an adaptively chosen-message attack and an appropriate notion of security related to the setting of electronic cash is defined.
Abstract: Since the appearance of public-key cryptography in the seminal Diffie--Hellman paper, many new schemes have been proposed and many have been broken. Thus, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is often considered as a kind of validation procedure. A much more convincing line of research has tried to provide ``provable'' security for cryptographic protocols. Unfortunately, in many cases, provable security is at the cost of a considerable loss in terms of efficiency. Another way to achieve some kind of provable security is to identify concrete cryptographic objects, such as hash functions, with ideal random objects and to use arguments from relativized complexity theory. The model underlying this approach is often called the ``random oracle model.'' We use the word ``arguments'' for security results proved in this model. As usual, these arguments are relative to well-established hard algorithmic problems such as factorization or the discrete logarithm.
In this paper we offer security arguments for a large class of known signature schemes. Moreover, we give for the first time an argument for a very slight variation of the well-known El Gamal signature scheme. In spite of the existential forgery of the original scheme, we prove that our variant resists existential forgeries even against an adaptively chosen-message attack. This is provided that the discrete logarithm problem is hard to solve.
Next, we study the security of blind signatures which are the most important ingredient for anonymity in off-line electronic cash systems. We first define an appropriate notion of security related to the setting of electronic cash. We then propose new schemes for which one can provide security arguments.
2,016 citations